I'm currently working on fixing a semi broken REST API that exposed way too much of the data internals to clients. The clients have so much control over the DB that they must chain calls in a specific order and have none of them drop or else the DB can get into a nonsensical state. I understand why it was built this way by the consulting firm, because it let them leverage a server side framework to auto generate a ton of endpoints based on the DB schema, but it's a great example of REST gone wrong.

I'm considering transitioning to an RPC framework to dig out of this mess, but not sure that will go over well with one of the REST gurus on my team.